httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Kerberos authentication
Date Wed, 12 Mar 2003 21:09:58 GMT


On Wed, 12 Mar 2003, Bill Stoddard wrote:

> Anyone have any first hand experience with kerberos authentication in
> the server?

.. well - we have ripped code out of telnet(d) from KTH-their Heimdal's on
*BSD to do this for a finance customer - who had some (silly but golden)
policy which made kerberos the only acceptable auth method across certain
internal network boundaries.

But we only did auth; nothing else; and only between an apache server and
an apache proxy. Not between server and client. Nor did we anything like
the '-x' from telnetd for encryption.

It worked well, fast and reliable - which was a surprize as the use you
now make of Kerberos is quite different than say, for telnet or an
x-display; lots of concurrent auths for lots of connections.

See also

	http://modauthkerb.sourceforge.net/

which is a local kerb auth (i.e. the password goes basic auth over http)
and

	http://meta.cesnet.cz/software/heimdal/mod_auth_kerb.c

which is a hack on the above for the real thing. (It is listed on that
page - but not linked in).

Do you need it for anything specific ? Can I help ?

Dw


Mime
View raw message